VEGAS/gitlab: add GitLab Runner
This commit is contained in:
parent
0961b893eb
commit
24650556d8
4 changed files with 29 additions and 1 deletions
|
@ -19,6 +19,7 @@ in
|
||||||
age.secrets = lib.flip lib.genAttrs mkSecret [
|
age.secrets = lib.flip lib.genAttrs mkSecret [
|
||||||
"gitlab-initial-root-password"
|
"gitlab-initial-root-password"
|
||||||
"gitlab-openid-secret"
|
"gitlab-openid-secret"
|
||||||
|
"gitlab-runner-registration"
|
||||||
"gitlab-secret-db"
|
"gitlab-secret-db"
|
||||||
"gitlab-secret-jws"
|
"gitlab-secret-jws"
|
||||||
"gitlab-secret-otp"
|
"gitlab-secret-otp"
|
||||||
|
@ -81,5 +82,19 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.gitlab-runner = {
|
||||||
|
enable = true;
|
||||||
|
services = {
|
||||||
|
shell = {
|
||||||
|
# File should contain at least these two variables:
|
||||||
|
# `CI_SERVER_URL`
|
||||||
|
# `REGISTRATION_TOKEN`
|
||||||
|
registrationConfigFile = secrets.gitlab-runner-registration;
|
||||||
|
executor = "shell";
|
||||||
|
tagList = [ "shell" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."${cfg.host}" = tools.nginx.vhosts.proxy "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
services.nginx.virtualHosts."${cfg.host}" = tools.nginx.vhosts.proxy "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
||||||
}
|
}
|
||||||
|
|
|
@ -91,6 +91,6 @@ in
|
||||||
|
|
||||||
programs.ssh.knownHosts.git = {
|
programs.ssh.knownHosts.git = {
|
||||||
hostNames = [ "git.${domain}" ];
|
hostNames = [ "git.${domain}" ];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0rChVEO9Qt7hr7vyiyOP7N45CjaxssFCZNOPCszEQi";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
12
secrets/gitlab-runner-registration.age
Normal file
12
secrets/gitlab-runner-registration.age
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 NO562A YU2/APfP6kPGX5e7bHBWdaom4ZwmytI/IoP+g3th5h0
|
||||||
|
2IfalzEAkV0xCr35dOiCpxUHw24a3AbkOGVJ4L/uaWU
|
||||||
|
-> ssh-ed25519 5/zT0w DbMexjii0bSvqgGC9rNgCBOaQXfgzthcOPBT6dnKeGc
|
||||||
|
C4dMDu8WgATu0sdPKACw07Fn5jq6Pe7uN8/Iv2tVcAs
|
||||||
|
-> ssh-ed25519 d3WGuA uIwhL4l3t07R5TYO1zo3dV9ktgWtoKR4JdvaHblEB3M
|
||||||
|
265C3gEza2uh6oVca/gUNxqKjU2S8bhN/q4Dlw2EEy4
|
||||||
|
-> /"-grease +Wqw(R
|
||||||
|
4HG/GLt5Drs7C0j1+DBwRIHQDVEl2JNuZ+BLNuaNG5pFIdO0EIG26XJFfdGOPQHo
|
||||||
|
wkc
|
||||||
|
--- 2U7WL4OUr1Tcg3u3FejyVH8/RasT6Fc8a2M9acsycHQ
|
||||||
|
×úC# Ö½l%Ê\#̱‹×Âÿ²`S%AÇ¢Åæ<C385>[lh²Rq®X®U ²ªVo‚°G @a‡¿<E280A1>âÅ„»o/‘…3&€ØèyôI(Õ¢ŽýV®-Kê掛•ù<E280A2>sî\çz:h§GœAsµ²n<C2B2>ÉêGáHà«tH„ˆq1Ùÿ<C399>.Þ¬»aù¢g؃ÿÞ¥†âA³e_TLiÄãEæé‘ï³56±
|
|
@ -9,6 +9,7 @@ in with hosts;
|
||||||
"ghost-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"ghost-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
|
"gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
|
|
Loading…
Reference in a new issue